WO2016011824A1 - Hotspot configuration method, access method and device in wireless local area network - Google Patents

Hotspot configuration method, access method and device in wireless local area network Download PDF

Info

Publication number
WO2016011824A1
WO2016011824A1 PCT/CN2015/074785 CN2015074785W WO2016011824A1 WO 2016011824 A1 WO2016011824 A1 WO 2016011824A1 CN 2015074785 W CN2015074785 W CN 2015074785W WO 2016011824 A1 WO2016011824 A1 WO 2016011824A1
Authority
WO
WIPO (PCT)
Prior art keywords
hotspot
hot spot
link
terminal
type
Prior art date
Application number
PCT/CN2015/074785
Other languages
French (fr)
Chinese (zh)
Inventor
马岚
杨翠红
张百胜
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Priority to US15/328,182 priority Critical patent/US20180027025A1/en
Priority to EP15825357.5A priority patent/EP3174325B1/en
Publication of WO2016011824A1 publication Critical patent/WO2016011824A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0893Assignment of logical groups to network elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/062Pre-authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/73Access point logical identity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W28/00Network traffic management; Network resource management
    • H04W28/16Central resource management; Negotiation of resources or communication parameters, e.g. negotiating bandwidth or QoS [Quality of Service]
    • H04W28/18Negotiating wireless communication parameters
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/24Reselection being triggered by specific parameters
    • H04W36/30Reselection being triggered by specific parameters by measured or perceived connection quality data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/18Selecting a network or a communication service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0894Policy-based network configuration management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • H04W76/15Setup of multiple wireless link connections
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/12WLAN [Wireless Local Area Networks]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/08Access point devices

Definitions

  • WLAN refers to the application of wireless communication technology to interconnect computer devices to form a network system that can communicate with each other and achieve resource sharing.
  • the essence of WLAN is that the communication cable is no longer used to connect the computer to the network, but is connected wirelessly, which makes the construction of the network and the movement of the terminal more flexible.
  • Wireless fidelity (WiFi) technology is essentially a commercial certification.
  • Wi-Fi certified products comply with the IEEE 802.11b wireless network specification. It is the most widely used standard in WLAN, and the band is 2.4 GHz.
  • WLAN based on WiFi technology has become more and more popular, and coverage has become more and more extensive.
  • WLAN has become more and more people with its free and unlimited charm, especially as a new way for young people to live online. People hope that More and more public places can use WLAN to quickly and easily surf, browse or download information online.
  • the WLAN can be deployed in two ways: mode one: WLAN is deployed in an encrypted manner; and second, the WLAN is deployed in an unencrypted manner.
  • the WLAN In the first mode, the WLAN is deployed in an encrypted manner.
  • the user When the user connects to the WLAN, the user needs to obtain the key information through a certain channel, such as an inquiry, so that the user is not convenient to use in a public place.
  • the embodiment of the present invention is to provide a hotspot configuration method, an access method, and a device in a WLAN, which can ensure the security of data communication in a WLAN without affecting the user experience.
  • An embodiment of the present invention provides a hotspot configuration method in a WLAN, where the method includes:
  • the wireless access node configures a first hotspot having an unencrypted attribute and a second hotspot having an encrypted attribute, and a Service Set Identifier (SSID) of the first hotspot is the same as an SSID of the second hotspot;
  • SSID Service Set Identifier
  • An embodiment of the present invention provides an access method in a WLAN, where a first hotspot having an unencrypted attribute, a second hot spot having an encryption attribute, and a switching policy between the first hot spot and the second hot spot are configured.
  • the SSID of the first hotspot is the same as the SSID of the second hotspot; the method further includes:
  • the first configuration module is configured to configure a first hot spot having an unencrypted attribute and a second hot spot having an encrypted attribute, where an SSID of the first hot spot is the same as an SSID of the second hot spot;
  • the second configuration module is configured to configure a switching policy between the first hotspot and the second hotspot, where the switching policy is used to switch communication between the terminal and the first hotspot to be the second hotspot Communication between.
  • the embodiment of the present invention further provides a wireless access node, where the wireless access node includes: a first configuration module, a second configuration module, a receiving module, and a connection management module;
  • the first configuration module is configured to configure a first hot spot having an unencrypted attribute and a second hot spot having an encrypted attribute, where an SSID of the first hot spot is the same as an SSID of the second hot spot;
  • the second configuration module is configured to configure between the first hot spot and the second hot spot a handover policy, the handover policy is used to switch communication between the terminal and the first hotspot to communication with the second hotspot;
  • the connection management module is configured to: forward the WPS request message from the first link corresponding to the first hot spot to the second link corresponding to the second hot spot according to the switching policy between the first hot spot and the second hot spot And establishing a WPS session negotiation process with the terminal by using the second link, where the first link is a link established between the terminal and the first hotspot, and the second link is A link established between the terminal and the second hotspot.
  • the wireless access node is configured with a first hot spot having no encryption attribute and a second hot spot having an encryption attribute, and the SSID of the first hot spot
  • the SSID of the second hotspot is the same; and the switching policy between the first hotspot and the second hotspot is configured, where the switching policy is used to switch the communication between the terminal and the first hotspot to be the second hotspot
  • the embodiment of the present invention configures the first hotspot with the non-encrypted attribute, which facilitates the user to access the WLAN; configures the second hotspot with the encrypted attribute, and ensures the security of the communication link in the WLAN;
  • a communication connection between the first hotspot and the second hotspot can be established by using a switching policy between the first hotspot and the second hotspot.
  • the embodiment of the present invention automatically switches the terminal from the first link with a lower security level to the second link with a higher security level, without affecting the user body.
  • the security of the communication link in the WLAN is guaranteed under the premise of the test.
  • FIG. 1 is a schematic flowchart of implementing a hotspot configuration in a wireless local area network according to an embodiment of the present invention
  • FIG. 2 is a schematic flowchart of an implementation method of an access method in a wireless local area network according to an embodiment of the present invention
  • FIG. 6 is a schematic structural diagram of another wireless access node according to an embodiment of the present invention.
  • the wireless access node first configures a first hotspot having an unencrypted attribute and a second hotspot having an encrypted attribute, and the SSID of the first hot spot is the same as the SSID of the second hot spot. And configuring a switching policy between the first hotspot and the second hotspot, where the switching policy is used to switch communication between the terminal and the first hotspot to communication with the second hotspot;
  • the WPS request message sent by the terminal is received by the first link; and the WPS request message is sent by the first link corresponding to the first hot spot according to the switching policy between the first hot spot and the second hot spot.
  • Step S100 The wireless AP configures a first hotspot having an unencrypted attribute and a second hotspot having an encrypted attribute, where the service set identifier of the first hotspot is the same as the service set identifier of the second hotspot;
  • the network parameters of the first hotspot are configured as: SSID1, the security type is unencrypted, and the network type is broadcast;
  • the network parameters of the second hotspot are: SSID2, security type is encryption type, network type Is not a broadcast type;
  • the SSID1 is the same as the SSID2.
  • the unencrypted type may be an Open Open type
  • the encryption type may be a WiFi network secure access (WPA) or a WPA2 encryption type, and the unencrypted type and the encryption type are not specifically limited.
  • WPA WiFi network secure access
  • the SSID1 configured as the first hot spot of the broadcast type is visible, and the SSID2 configured as the second hot spot of the non-broadcast type is invisible; when the terminal is within the network range of the public WLAN arranged by the operator, the user turns on the terminal
  • the WiFi connection function can automatically search for the first hot spot of the Open type through the WiFi connection function. Since the second hotspot is configured as a network type that does not broadcast the SSID, the second hotspot cannot be searched by the conventional WiFi connection function.
  • N is a positive integer
  • corresponding network parameters are configured for each hotspot; wherein each hotspot has the same SSID, and the N mutually independent hotspots
  • the network parameters corresponding to at least one hotspot are configured as follows: the network type is broadcast type, and the security type is unencrypted type, so that the user accesses the WLAN; at least one hotspot corresponding network parameter is configured as: the network type is not broadcast type, security Type is encryption Type to guarantee the security of the communication link in the WLAN.
  • Step S101 Configure a handover policy between the first hotspot and the second hotspot, where the handover policy is used to switch communication between the terminal and the first hotspot to communication with the second hotspot;
  • the handover policy is a connection switching policy between the network parameters corresponding to the first hotspot and the second hotspot, and the connection channel between the network corresponding to the first hotspot and the corresponding network of the second hotspot is established according to the handover policy.
  • the handover policy is a connection switching policy between the network parameters corresponding to the first hotspot and the second hotspot, and the connection channel between the network corresponding to the first hotspot and the corresponding network of the second hotspot is established according to the handover policy.
  • the first hotspot with the network type being the broadcast type and the security type being the unencrypted type is configured to facilitate the user to access the WLAN;
  • the second hotspot with the network type being the non-broadcast type and the security type being the encryption type is configured. Securing the security of the communication link in the WLAN; and, by using a handover policy between the first hotspot and the second hotspot, establishing a communication connection between the first hotspot and the second hotspot for subsequent delivery Messages during the WPS session negotiation process.
  • an embodiment of the present invention provides an access method in a WLAN, where a wireless AP pre-configures a first hotspot, a second hotspot, and a switching policy between the first hotspot and the second hotspot;
  • a wireless AP pre-configures a first hotspot, a second hotspot, and a switching policy between the first hotspot and the second hotspot;
  • Step S201 The wireless AP sends a WPS request message through the first link receiving terminal.
  • the first link is a link established between the terminal and the first hotspot.
  • Step S202 Establish a connection channel between the network corresponding to the first hot spot and the corresponding network of the second hot spot according to the switching policy between the first hot spot and the second hot spot, and send the WPS request message by using the connection channel.
  • the first link corresponding to the first hot spot is transmitted to the second link corresponding to the second hot spot.
  • connection channel between the network corresponding to the first hot spot and the network corresponding to the second hot spot is established according to the switching policy between the first hot spot and the second hot spot, and the WPS request is sent through the connection channel
  • the message is delivered by the first link corresponding to the first hot spot to the second link corresponding to the second hot spot.
  • the first link is a link established between the terminal and the first hot spot
  • the second link is a link established between the terminal and the second hot spot.
  • the network connection request is redirected to the web authentication server set by the operator for access, and the terminal can enter the web authentication website through the web browser, input the username and password of the WiFi service, and perform WiFi service verification;
  • the authentication server After obtaining the user name and password input by the user, the authentication server performs legality verification on the user identity of the terminal according to the obtained user name and password, and then notifies the wireless AP and the terminal of the verification result.
  • the WPS request message may be sent by the first link receiving terminal; a switching policy between a hot spot and a second hot spot, the WPS request message is transmitted from a first link corresponding to the first hot spot to a second link corresponding to the second hot spot, and the second link and the second link are
  • the terminal establishes a WPS session negotiation process, where the first link is a link established between the terminal and the first hotspot, and the second link is a chain established between the terminal and the second hotspot. Therefore, the embodiment of the present invention automatically switches from the first link with a lower security level to the second link with a higher security level, and can ensure the security of the communication link in the WLAN without affecting the user experience.
  • the access flow in the WLAN in the embodiment of the present invention is described in detail below by using the first embodiment and the second embodiment as an example:
  • a first hotspot having an unencrypted attribute and a second hot spot having an encrypted attribute, and a switching policy between the first hotspot and the second hotspot are configured in advance; wherein the first hotspot network
  • the parameter configuration is: SSID1 is Chinanet, the security type is Open, and the network type is broadcast.
  • the network parameters of the second hotspot are: SSID2 is Chinanet, security type is WAP2 encryption type, and network type is non-broadcast type.
  • the user When the current location of the terminal is within the network range of the public WLAN deployed by the operator, the user turns on the WiFi function of the terminal, and automatically searches for and displays the visible hotspot within the current WLA network through the WiFi function, and the user selects and connects to the service set identifier as Chinanet.
  • the first hot spot establishes an Open link with the first hot spot.
  • the access process in the WLAN in the first embodiment, as shown in FIG. 3, specifically includes the following steps:
  • Step S300 The wireless AP receives the network connection request sent by the terminal by using the Open link.
  • Step S301 When receiving the network connection request sent by the terminal, verify the validity of the user identity of the terminal; if the verification is successful, establish a WPS session negotiation process with the terminal through the Open link, and proceed to step S302; If the verification fails, the Open link between the terminal and the first hotspot is disconnected, and the processing flow ends.
  • the terminal can enter the web authentication website through the web browser, input the username and password of the WiFi service, and perform WiFi service verification; the web authentication After obtaining the user name and password entered by the user, the server performs legality verification on the identity of the user of the terminal according to the obtained user name and password, and then notifies the wireless AP and the terminal of the verification result, and instructs the terminal to initiate a WPS process. .
  • the terminal when the terminal receives the verification pass message, it initiates a WPS process flow; meanwhile, it sends a WPS request message to the wireless AP based on the established Open link.
  • Step S302 Receive, by using an Open link, the terminal to send a WPS request message.
  • Step S303 The WPS request message is transmitted from the Open link corresponding to the first hot spot to the WAP2 encrypted link corresponding to the second hot spot according to the switching policy between the first hot spot and the second hot spot, and the The WAP2 encrypted link establishes a WPS session negotiation process with the terminal.
  • the key is negotiated with the terminal and a data connection is established, which can ensure the security of the communication link in the WLAN.
  • the terminal is consistent with the operation step of connecting the existing Open hotspot, and the WPA2-protected encrypted link can be established corresponding to the second hotspot without inputting the password of the second hotspot.
  • the data transmission is performed by the WPA2-protected encrypted link; in this way, the terminal can be automatically switched to the WPA2-protected encrypted link corresponding to the second hotspot by the Open link corresponding to the first hotspot that is initially connected, through the encrypted link protected by WPA2 Data transmission is performed to ensure the security of the communication link in the WLAN without affecting the user experience.
  • the user when the current location of the terminal is within the network range of the public WLAN deployed by the operator, the user turns on the WiFi function of the terminal, and automatically searches for and displays the visible hotspot in the current WLA network range through the WiFi function. Selecting and connecting to the first hot spot whose service set identifier is Chinanet, and establishing an Open link with the first hotspot.
  • the access procedure in the WLAN in the second embodiment, as shown in FIG. 4, specifically includes the following steps:
  • Step S400 The wireless AP receives the network connection request sent by the terminal by using the Open link.
  • Step S401 When receiving the network connection request sent by the terminal, establish a WPS session negotiation process with the terminal through the Open link.
  • Step S403 The WPS request message is transmitted from the Open link corresponding to the first hot spot to the WAP2 corresponding to the second hot spot according to the switching policy between the first hot spot and the second hot spot. Encrypting the link and establishing a WPS session negotiation process with the terminal through the WAP2 encrypted link.
  • the embodiment of the present invention further provides two types of wireless APs.
  • the principle and method for solving the problem by the wireless AP are similar. Therefore, the implementation process and implementation principles of the wireless AP can refer to the implementation process and the implementation principle of the foregoing method. , the repetition will not be repeated.
  • a wireless AP includes: a first configuration module 500 and a second configuration module 501;
  • the first configuration module 500 is configured to configure a first hotspot with an unencrypted attribute and a second hotspot with an encrypted attribute, where the service set identifier SSID of the first hotspot is the same as the SSID of the second hotspot;
  • the unencrypted network type is an Open Open type
  • the encrypted network type is a WPA2 type
  • the second configuration module 501 is configured to configure a handover policy between the first hotspot and the second hotspot, where the handover policy is used to switch communication between the terminal and the first hotspot to be the second hotspot Communication between.
  • the various parts of the wireless access node described above are separately described by functions into various modules or units.
  • the division of the above functional units or modules is only a preferred implementation manner of the embodiments of the present invention, and the division manner of the functional units or modules does not constitute a limitation of the present invention.
  • the first configuration module 500 is configured to configure a first hotspot with an unencrypted attribute and a second hotspot with an encrypted attribute, where the service set identifier of the first hot spot identifies the SSID and the second hotspot Same SSID;
  • the second configuration module 501 is configured as a switching policy between the first hotspot and the second hotspot, where the switching policy is used to switch communication between the terminal and the first hotspot to be between the second hotspot and the second hotspot.
  • the receiving module 600 is configured to send a WPS request message by using the first link receiving terminal;
  • the wireless AP further includes:
  • the various parts of the wireless access node described above are separately described by functions into various modules or units.
  • the division of the above functional units or modules is only a preferred implementation manner of the embodiments of the present invention, and the division manner of the functional units or modules does not constitute a limitation of the present invention.
  • the wireless AP may be a simple wireless access point with a function of automatically switching links, a wireless router, a wireless gateway, or a wireless bridge.
  • the first configuration module 500 and the second configuration module 501 may be located by a central processing unit (CPU), a microprocessor (MPU), a digital signal processor (DSP), or a field located in the wireless AP.
  • Programming gate array (FPGA) implementation; the first configuration module 500, the second configuration module 501, the receiving module 600, and the connection management module 601 may be a central processing unit (CPU), a microprocessor (MPU) located at the wireless access node ), digital signal processor (DSP), or current Field Programmable Gate Array (FPGA) implementation.
  • CPU central processing unit
  • MPU microprocessor
  • DSP digital signal processor
  • FPGA current Field Programmable Gate Array
  • the wireless access node is configured with a first hotspot with no encryption attribute, which can facilitate the user to access the WLAN, and the second hotspot with the encryption attribute can be configured to ensure the security of the communication link in the WLAN; And establishing, by using a switching policy between the first hotspot and the second hotspot, a communication connection between the first hotspot and the second hotspot.
  • the terminal can be automatically switched from the first link with a lower security level to the second link with a higher security level, and the security of the communication link in the WLAN can be ensured without affecting the user experience.

Abstract

Disclosed is a hotspot configuration method in a wireless local area network. The method comprises: configuring, by a wireless access node, a first hotspot with a non-encryption attribute and a second hotspot with an encryption attribute, wherein an SSID of the first hotspot is the same as an SSID of the second hotspot; and configuring a switching strategy between the first hotspot and the second hotspot, wherein the switching strategy is used for switching the communication between a terminal and the first hotspot into the communication with the second hotspot. Also disclosed at the same time are an access method and device in a wireless local area network.

Description

一种无线局域网中的热点配置方法、接入方法及设备Hotspot configuration method, access method and device in wireless local area network 技术领域Technical field
本发明涉及移动通信系统中的无线通信领域,特别是涉及一种无线局域网(Wireless Local Area Networks,WLAN)中的热点配置方法、接入方法及设备。The present invention relates to the field of wireless communications in a mobile communication system, and in particular, to a hotspot configuration method, an access method, and a device in a wireless local area network (WLAN).
背景技术Background technique
WLAN指应用无线通信技术将计算机设备互联起来,构成可以互相通信和实现资源共享的网络体系。无线局域网本质的特点是不再使用通信电缆将计算机与网络连接起来,而是通过无线的方式连接,从而使网络的构建和终端的移动更加灵活。WLAN refers to the application of wireless communication technology to interconnect computer devices to form a network system that can communicate with each other and achieve resource sharing. The essence of WLAN is that the communication cable is no longer used to connect the computer to the network, but is connected wirelessly, which makes the construction of the network and the movement of the terminal more flexible.
无线保真(wireless fidelity,WiFi)技术实质上是一种商业认证,具有Wi-Fi认证的产品符合IEEE 802.11b无线网络规范,它是WLAN中当前应用最为广泛的标准,采用波段是2.4GHz。在全球范围内,基于WiFi技术的WLAN已经日趋普及,覆盖范围也越来越广泛,WLAN以其自由无限的魅力成为越来越多人,尤其是成为年轻人的网络生活新方式,人们希望在越来越多的公共场所也能使用WLAN快速便捷的到网上冲浪、浏览或下载信息。Wireless fidelity (WiFi) technology is essentially a commercial certification. Wi-Fi certified products comply with the IEEE 802.11b wireless network specification. It is the most widely used standard in WLAN, and the band is 2.4 GHz. Globally, WLAN based on WiFi technology has become more and more popular, and coverage has become more and more extensive. WLAN has become more and more people with its free and unlimited charm, especially as a new way for young people to live online. People hope that More and more public places can use WLAN to quickly and easily surf, browse or download information online.
面对日益高涨的移动数据需求与移动数据网流量瓶颈间的矛盾,运营商早已意识到WLAN会成为重要的移动互联网接入业务,提前部署WLAN扩大WLAN覆盖规模。Faced with the contradiction between the increasing demand for mobile data and the bottleneck of mobile data network traffic, operators have long realized that WLAN will become an important mobile Internet access service, deploying WLAN in advance to expand the scale of WLAN coverage.
现有技术中可以采用两种方式部署WLAN:方式一、采用加密方式部署WLAN;方式二、采用不加密方式部署WLAN。In the prior art, the WLAN can be deployed in two ways: mode one: WLAN is deployed in an encrypted manner; and second, the WLAN is deployed in an unencrypted manner.
发明人在实现本发明的过程中,发现现有WLAN的部署方案至少存在 以下缺陷:In the process of implementing the present invention, the inventor finds that at least the existing WLAN deployment solution exists. The following defects:
1)方式一中采用加密方式部署WLAN,用户在连接WLAN时需要先通过某种渠道,如问询的方式获取到密钥信息,这样,不便于用户在公共场所使用。1) In the first mode, the WLAN is deployed in an encrypted manner. When the user connects to the WLAN, the user needs to obtain the key information through a certain channel, such as an inquiry, so that the user is not convenient to use in a public place.
2)方式二中采用不加密即Open方式部署WLAN,用户在连接WLAN时虽然不需要密钥,能方便用户使用,但由于目前绝大多数公共WiFi环境缺少甚至毫无安全防护措施,这就导致攻击者可以很容易地进入该WLAN,通过网络监听截获WLAN中的数据。在这种情况下,用户在WLAN中传输的任何信息都会暴露在攻击者面前,攻击者可截获用户名、密码、上网记录、设备信息、聊天记录及邮件内容等用户信息,因此,采用Open方式部署WLAN存在极大的安全隐患,严重威胁用户的信息安全。2) In the second mode, the WLAN is deployed in the Open mode without encryption. The user does not need a key when connecting to the WLAN, which is convenient for the user. However, most public wireless WiFi environments lack or even no security measures, which leads to The attacker can easily access the WLAN and intercept the data in the WLAN through the network. In this case, any information transmitted by the user in the WLAN will be exposed to the attacker. The attacker can intercept user information such as user name, password, Internet access, device information, chat history, and email content. Therefore, Open mode is adopted. Deploying a WLAN has great security risks and seriously threatens users' information security.
另外,在方式二中,用户与WLAN建立连接时,首先通过WEB Portal方式重定向到一个用户登陆页面,让用户输入用户名和密码,以对用户身份进行鉴权,但所述身份鉴权主要用于识别用户身份、计费处理,却无助于保护用户接入WLAN的通信链路。In addition, in the second mode, when the user establishes a connection with the WLAN, the user first redirects to a user login page through the WEB Portal mode, and allows the user to input the user name and password to authenticate the user identity, but the identity authentication is mainly used. In order to identify the user identity and billing processing, it does not help to protect the user's access to the WLAN communication link.
发明内容Summary of the invention
有鉴于此,本发明实施例期望提供一种WLAN中的热点配置方法、接入方法及设备,能在不影响用户体验的前提下保障WLAN中数据通信的安全性。In view of this, the embodiment of the present invention is to provide a hotspot configuration method, an access method, and a device in a WLAN, which can ensure the security of data communication in a WLAN without affecting the user experience.
本发明的技术方案是这样实现的:The technical solution of the present invention is implemented as follows:
本发明实施例提供了一种WLAN中的热点配置方法,该方法包括:An embodiment of the present invention provides a hotspot configuration method in a WLAN, where the method includes:
无线访问节点配置具有不加密属性的第一热点与具有加密属性的第二热点,所述第一热点的服务集标识(Service Set Identifier,SSID)与所述第二热点的SSID相同;The wireless access node configures a first hotspot having an unencrypted attribute and a second hotspot having an encrypted attribute, and a Service Set Identifier (SSID) of the first hotspot is the same as an SSID of the second hotspot;
配置所述第一热点与所述第二热点之间的切换策略,所述切换策略用 于将终端与第一热点之间的通信切换为与第二热点之间的通信。And configuring a switching policy between the first hot spot and the second hot spot, where the switching policy is used by Switching communication between the terminal and the first hotspot to communication with the second hotspot.
本发明实施例提供了一种WLAN中的接入方法,配置具有不加密属性的第一热点与具有加密属性的二热点、以及所述第一热点与第二热点之间的切换策略,所述第一热点的SSID与所述第二热点的SSID相同;该方法还包括:An embodiment of the present invention provides an access method in a WLAN, where a first hotspot having an unencrypted attribute, a second hot spot having an encryption attribute, and a switching policy between the first hot spot and the second hot spot are configured. The SSID of the first hotspot is the same as the SSID of the second hotspot; the method further includes:
无线访问节点通过第一链路接收终端发送的WiFi保护设置(WiFi Protected Setup,WPS)请求消息;The wireless access node receives a WiFi Protected Setup (WPS) request message sent by the terminal through the first link;
根据所述第一热点与第二热点之间的切换策略,将所述WPS请求消息由第一热点对应的第一链路传递到第二热点对应的第二链路,并通过所述第二链路与所述终端建立WPS会话协商过程;其中,所述第一链路为终端与所述第一热点之间建立的链路,所述第二链路为终端与所述第二热点之间建立的链路。And transmitting, according to the switching policy between the first hotspot and the second hotspot, the WPS request message by the first link corresponding to the first hot spot to the second link corresponding to the second hot spot, and passing the second The link establishes a WPS session negotiation process with the terminal, where the first link is a link established between the terminal and the first hotspot, and the second link is a terminal and the second hot spot. The link established between.
根据上述方法,本发明实施例提供了一种无线访问节点,所述无线访问节点包括:第一配置模块、第二配置模块;其中,According to the foregoing method, an embodiment of the present invention provides a wireless access node, where the wireless access node includes: a first configuration module and a second configuration module;
所述第一配置模块,配置为配置具有不加密属性的第一热点与具有加密属性的第二热点,所述第一热点的SSID与所述第二热点的SSID相同;The first configuration module is configured to configure a first hot spot having an unencrypted attribute and a second hot spot having an encrypted attribute, where an SSID of the first hot spot is the same as an SSID of the second hot spot;
所述第二配置模块,配置为配置所述第一热点与所述第二热点之间的切换策略,所述切换策略用于将终端与第一热点之间的通信切换为与第二热点之间的通信。The second configuration module is configured to configure a switching policy between the first hotspot and the second hotspot, where the switching policy is used to switch communication between the terminal and the first hotspot to be the second hotspot Communication between.
根据上述方法,本发明实施例还提供了一种无线访问节点,该无线访问节点包括:第一配置模块、第二配置模块、接收模块、连接管理模块;其中,According to the foregoing method, the embodiment of the present invention further provides a wireless access node, where the wireless access node includes: a first configuration module, a second configuration module, a receiving module, and a connection management module;
所述第一配置模块,配置为配置具有不加密属性的第一热点与具有加密属性的第二热点,所述第一热点的SSID与所述第二热点的SSID相同;The first configuration module is configured to configure a first hot spot having an unencrypted attribute and a second hot spot having an encrypted attribute, where an SSID of the first hot spot is the same as an SSID of the second hot spot;
所述第二配置模块,配置为配置所述第一热点与所述第二热点之间的 切换策略,所述切换策略用于将终端与第一热点之间的通信切换为与第二热点之间的通信;The second configuration module is configured to configure between the first hot spot and the second hot spot a handover policy, the handover policy is used to switch communication between the terminal and the first hotspot to communication with the second hotspot;
所述接收模块,配置为通过第一链路接收终端发送的WPS请求消息;The receiving module is configured to receive, by using the first link, a WPS request message sent by the terminal;
所述连接管理模块,配置为根据所述第一热点与第二热点之间的切换策略,将所述WPS请求消息由第一热点对应的第一链路传递到第二热点对应的第二链路,并通过所述第二链路与所述终端建立WPS会话协商过程;其中,所述第一链路为终端与所述第一热点之间建立的链路,所述第二链路为终端与所述第二热点之间建立的链路。The connection management module is configured to: forward the WPS request message from the first link corresponding to the first hot spot to the second link corresponding to the second hot spot according to the switching policy between the first hot spot and the second hot spot And establishing a WPS session negotiation process with the terminal by using the second link, where the first link is a link established between the terminal and the first hotspot, and the second link is A link established between the terminal and the second hotspot.
本发明实施例所提供的WLAN中的热点配置方法、接入方法及设备,无线访问节点配置具有不加密属性的第一热点与具有加密属性的第二热点,所述第一热点的SSID与所述第二热点的SSID相同;并配置所述第一热点与所述第二热点之间的切换策略,所述切换策略用于将终端与第一热点之间的通信切换为与第二热点之间的通信;如此,本发明实施例配置具有不加密属性的第一热点,能方便用户接入WLAN;配置具有加密属性的第二热点,又能保障WLAN中通信链路的安全性;并且,通过所述第一热点与所述第二热点之间的切换策略,能够使所述第一热点与第二热点之间建立通信连接。The hotspot configuration method, the access method, and the device in the WLAN provided by the embodiment of the present invention, the wireless access node is configured with a first hot spot having no encryption attribute and a second hot spot having an encryption attribute, and the SSID of the first hot spot The SSID of the second hotspot is the same; and the switching policy between the first hotspot and the second hotspot is configured, where the switching policy is used to switch the communication between the terminal and the first hotspot to be the second hotspot In this way, the embodiment of the present invention configures the first hotspot with the non-encrypted attribute, which facilitates the user to access the WLAN; configures the second hotspot with the encrypted attribute, and ensures the security of the communication link in the WLAN; A communication connection between the first hotspot and the second hotspot can be established by using a switching policy between the first hotspot and the second hotspot.
优选地,本发明实施例中,在配置第一热点、第二热点、以及所述第一热点与所述第二热点之间的切换策略后,可通过第一链路接收终端发送的WPS请求消息,根据所述第一热点与第二热点之间的切换策略,将所述WPS请求消息由第一热点对应的第一链路传递到第二热点对应的第二链路,并通过所述第二链路与所述终端建立WPS会话协商过程;其中,所述第一链路为终端与所述第一热点之间建立的链路,所述第二链路为终端与所述第二热点之间建立的链路,如此,本发明实施例将终端从安全等级较低的第一链路自动切换到安全等级较高的第二链路,能够在不影响用户体 验的前提下保障WLAN中通信链路的安全性。Preferably, in the embodiment of the present invention, after the first hotspot, the second hotspot, and the switching policy between the first hotspot and the second hotspot are configured, the WPS request sent by the terminal may be received by using the first link. The message, according to the switching policy between the first hotspot and the second hotspot, the WPS request message is transmitted from the first link corresponding to the first hot spot to the second link corresponding to the second hot spot, and The second link establishes a WPS session negotiation process with the terminal, where the first link is a link established between the terminal and the first hotspot, and the second link is a terminal and the second link. The link established between the hotspots, the embodiment of the present invention automatically switches the terminal from the first link with a lower security level to the second link with a higher security level, without affecting the user body. The security of the communication link in the WLAN is guaranteed under the premise of the test.
附图说明DRAWINGS
图1为本发明实施例无线局域网中的热点配置的实现流程示意图;1 is a schematic flowchart of implementing a hotspot configuration in a wireless local area network according to an embodiment of the present invention;
图2为本发明实施例无线局域网中的接入方法的实现流程示意图;2 is a schematic flowchart of an implementation method of an access method in a wireless local area network according to an embodiment of the present invention;
图3为本发明实施例一的无线局域网中的接入方法的实现流程示意图;3 is a schematic flowchart of an implementation method of an access method in a wireless local area network according to Embodiment 1 of the present invention;
图4为本发明实施例二的无线局域网中的接入方法的实现流程示意图;4 is a schematic flowchart of an implementation method of an access method in a wireless local area network according to Embodiment 2 of the present invention;
图5为本发明实施例无线访问节点的组成结构示意图;FIG. 5 is a schematic structural diagram of a structure of a wireless access node according to an embodiment of the present invention; FIG.
图6为本发明实施例另一无线访问节点的组成结构示意图。FIG. 6 is a schematic structural diagram of another wireless access node according to an embodiment of the present invention.
具体实施方式detailed description
本发明实施例中,无线访问节点(Access Point,AP)先配置具有不加密属性的第一热点与具有加密属性的第二热点,所述第一热点的SSID与所述第二热点的SSID相同;并配置所述第一热点与所述第二热点之间的切换策略,所述切换策略用于将终端与第一热点之间的通信切换为与第二热点之间的通信;之后,当用户接入WLAN时,通过第一链路接收终端发送的WPS请求消息;根据所述第一热点与第二热点之间的切换策略,将所述WPS请求消息由第一热点对应的第一链路传递到第二热点对应的第二链路,并通过所述第二链路与所述终端建立WPS会话协商过程;其中,所述第一链路为终端与所述第一热点之间建立的链路,所述第二链路为终端与所述第二热点之间建立的链路。In the embodiment of the present invention, the wireless access node (AP) first configures a first hotspot having an unencrypted attribute and a second hotspot having an encrypted attribute, and the SSID of the first hot spot is the same as the SSID of the second hot spot. And configuring a switching policy between the first hotspot and the second hotspot, where the switching policy is used to switch communication between the terminal and the first hotspot to communication with the second hotspot; When the user accesses the WLAN, the WPS request message sent by the terminal is received by the first link; and the WPS request message is sent by the first link corresponding to the first hot spot according to the switching policy between the first hot spot and the second hot spot. Passing to the second link corresponding to the second hotspot, and establishing a WPS session negotiation process with the terminal by using the second link; wherein the first link is established between the terminal and the first hotspot The second link is a link established between the terminal and the second hotspot.
这里,一个热点在WLAN中对应一个虚拟局域网(Virtual Local Area Network,VLAN),热点的网络参数包括:SSID、安全类型、网络类型等;所述具有不加密属性的第一热点的网络参数包括:SSID1、安全类型为不加密类型、网络类型为广播类型;所述具有加密属性的第二热点的网络参数包括:SSID2、安全类型为加密类型、网络类型为不广播类型;所述SSID1 与所述SSID2相同。Here, a hotspot corresponds to a virtual local area network (VLAN) in the WLAN, and the network parameters of the hotspot include: an SSID, a security type, a network type, and the like; and the network parameters of the first hotspot having the unencrypted attribute include: SSID1, the security type is a non-encryption type, and the network type is a broadcast type; the network parameters of the second hotspot having the encryption attribute include: SSID2, the security type is an encryption type, and the network type is a non-broadcast type; the SSID1 Same as the SSID2.
下面结合附图和具体实施方式对本发明所述方法和装置作进一步说明。The method and apparatus of the present invention are further described below in conjunction with the drawings and specific embodiments.
本发明实施例提出了一种WLAN中的热点配置方法,如图1所示,包括如下步骤:An embodiment of the present invention provides a hotspot configuration method in a WLAN, as shown in FIG. 1 , including the following steps:
步骤S100:无线AP配置具有不加密属性的第一热点及具有加密属性的第二热点,所述第一热点的服务集标识与所述第二热点的服务集标识相同;Step S100: The wireless AP configures a first hotspot having an unencrypted attribute and a second hotspot having an encrypted attribute, where the service set identifier of the first hotspot is the same as the service set identifier of the second hotspot;
这里,将所述第一热点的网络参数配置为:SSID1、安全类型为不加密类型、网络类型为广播类型;将所述第二热点的网络参数为:SSID2、安全类型为加密类型、网络类型为不广播类型;所述SSID1与所述SSID2相同。Here, the network parameters of the first hotspot are configured as: SSID1, the security type is unencrypted, and the network type is broadcast; the network parameters of the second hotspot are: SSID2, security type is encryption type, network type Is not a broadcast type; the SSID1 is the same as the SSID2.
这里,所述不加密类型可以为开放Open类型;所述加密类型可以为WiFi网络安全接入(Protected Access,WPA)或WPA2加密类型,对不加密类型及加密类型不作具体限定。Here, the unencrypted type may be an Open Open type; the encryption type may be a WiFi network secure access (WPA) or a WPA2 encryption type, and the unencrypted type and the encryption type are not specifically limited.
这里,配置为广播类型的第一热点的SSID1是可见的,配置为不广播类型的第二热点的SSID2是不可见的;在终端处于运营商布置的公共WLAN的网络范围内时,用户开启终端的WiFi连接功能,通过WiFi连接功能可以自动搜索到Open类型的第一热点,由于第二热点配置为不广播SSID的网络类型,因此,通过常规的WiFi连接功能搜索不到所述第二热点。Here, the SSID1 configured as the first hot spot of the broadcast type is visible, and the SSID2 configured as the second hot spot of the non-broadcast type is invisible; when the terminal is within the network range of the public WLAN arranged by the operator, the user turns on the terminal The WiFi connection function can automatically search for the first hot spot of the Open type through the WiFi connection function. Since the second hotspot is configured as a network type that does not broadcast the SSID, the second hotspot cannot be searched by the conventional WiFi connection function.
优选地,可扩展至配置N个相互独立的热点,N为正整数;相应的,为每个热点配置对应的网络参数;其中,每个热点的SSID均相同,所述N个相互独立的热点中至少存在一个热点对应的网络参数配置为:网络类型为广播类型、安全类型为不加密类型,以便用户接入WLAN;至少存在一个热点对应的网络参数配置为:网络类型为不广播类型、安全类型为加密 类型,以保障WLAN中通信链路的安全性。Preferably, it can be extended to configure N mutually independent hotspots, where N is a positive integer; correspondingly, corresponding network parameters are configured for each hotspot; wherein each hotspot has the same SSID, and the N mutually independent hotspots The network parameters corresponding to at least one hotspot are configured as follows: the network type is broadcast type, and the security type is unencrypted type, so that the user accesses the WLAN; at least one hotspot corresponding network parameter is configured as: the network type is not broadcast type, security Type is encryption Type to guarantee the security of the communication link in the WLAN.
步骤S101:配置所述第一热点与所述第二热点之间的切换策略,所述切换策略用于将终端与第一热点之间的通信切换为与第二热点之间的通信;Step S101: Configure a handover policy between the first hotspot and the second hotspot, where the handover policy is used to switch communication between the terminal and the first hotspot to communication with the second hotspot;
这里,所述切换策略为所述第一热点与所述第二热点对应的网络参数间的连接切换策略,根据所述切换策略建立第一热点对应的网络与第二热点对应网络间的连接通道,以便后续传递WPS会话协商过程中的消息。Here, the handover policy is a connection switching policy between the network parameters corresponding to the first hotspot and the second hotspot, and the connection channel between the network corresponding to the first hotspot and the corresponding network of the second hotspot is established according to the handover policy. In order to subsequently deliver messages during the WPS session negotiation process.
本发明实施例中,配置网络类型为广播类型、安全类型为不加密类型的第一热点,以方便用户接入WLAN;配置网络类型为不广播类型、安全类型为加密类型的第二热点,以保障WLAN中通信链路的安全性;并且,通过所述第一热点与所述第二热点之间的切换策略,能够使所述第一热点与第二热点之间建立通信连接,以便后续传递WPS会话协商过程中的消息。In the embodiment of the present invention, the first hotspot with the network type being the broadcast type and the security type being the unencrypted type is configured to facilitate the user to access the WLAN; the second hotspot with the network type being the non-broadcast type and the security type being the encryption type is configured. Securing the security of the communication link in the WLAN; and, by using a handover policy between the first hotspot and the second hotspot, establishing a communication connection between the first hotspot and the second hotspot for subsequent delivery Messages during the WPS session negotiation process.
基于上述方法,本发明实施例提出了一种WLAN中的接入方法,无线AP预先配置第一热点、第二热点、以及所述第一热点与第二热点之间的切换策略;之后,当用户接入WLAN时,如图2所示,包括如下步骤:Based on the foregoing method, an embodiment of the present invention provides an access method in a WLAN, where a wireless AP pre-configures a first hotspot, a second hotspot, and a switching policy between the first hotspot and the second hotspot; When the user accesses the WLAN, as shown in Figure 2, the following steps are included:
步骤S201:无线AP通过第一链路接收终端发送WPS请求消息。Step S201: The wireless AP sends a WPS request message through the first link receiving terminal.
这里,所述第一链路为终端与所述第一热点之间建立的链路。Here, the first link is a link established between the terminal and the first hotspot.
步骤S202:根据所述第一热点与所述第二热点之间的切换策略,建立第一热点对应的网络与第二热点对应网络间的连接通道,通过所述连接通道将所述WPS请求消息由第一热点对应的第一链路传输到第二热点对应的第二链路。Step S202: Establish a connection channel between the network corresponding to the first hot spot and the corresponding network of the second hot spot according to the switching policy between the first hot spot and the second hot spot, and send the WPS request message by using the connection channel. The first link corresponding to the first hot spot is transmitted to the second link corresponding to the second hot spot.
这里,根据所述第一热点与所述第二热点之间的切换策略,建立第一热点对应的网络与第二热点对应的网络之间的连接通道,通过所述连接通道将所述WPS请求消息由第一热点对应的第一链路传递到第二热点对应的第二链路。 Here, the connection channel between the network corresponding to the first hot spot and the network corresponding to the second hot spot is established according to the switching policy between the first hot spot and the second hot spot, and the WPS request is sent through the connection channel The message is delivered by the first link corresponding to the first hot spot to the second link corresponding to the second hot spot.
这里,所述第一链路为终端与所述第一热点之间建立的链路,所述第二链路为终端与所述第二热点之间建立的链路。Here, the first link is a link established between the terminal and the first hot spot, and the second link is a link established between the terminal and the second hot spot.
优选地,所述通过第一链路接收终端发送WPS请求消息之前,还包括:步骤S200:通过所述第一链路接收到所述终端发送的网络连接请求时,对所述终端的用户身份进行合法性验证;若验证通过,则通过第一链路与所述终端建立WPS会话协商过程,并转入步骤S201;若验证未通过,则断开所述终端与所述第一热点之间的第一链路,并结束处理流程。Preferably, before the sending, by the first link receiving terminal, the WPS request message, the method further includes: Step S200: When receiving the network connection request sent by the terminal by using the first link, the user identity of the terminal Performing the validity verification; if the verification is passed, establishing a WPS session negotiation process with the terminal through the first link, and proceeding to step S201; if the verification fails, disconnecting between the terminal and the first hot spot The first link and end the processing flow.
这里,对所述终端的用户身份进行合法性验证,具体实现方式如下:Here, the validity of the user identity of the terminal is verified, and the specific implementation manner is as follows:
将所述网络连接请求重定向到运营商所设置的Web认证服务器进行访问,此时终端可以通过Web浏览器进入到Web认证网站,输入WiFi业务的用户名和密码,进行WiFi业务验证;所述Web认证服务器获取到用户输入的用户名和密码后,根据获取的用户名和密码对所述终端的用户身份进行合法性验证,然后,将验证结果通知所述无线AP及终端。The network connection request is redirected to the web authentication server set by the operator for access, and the terminal can enter the web authentication website through the web browser, input the username and password of the WiFi service, and perform WiFi service verification; After obtaining the user name and password input by the user, the authentication server performs legality verification on the user identity of the terminal according to the obtained user name and password, and then notifies the wireless AP and the terminal of the verification result.
本发明实施例中,在配置第一热点、第二热点、以及所述第一热点与第二热点之间的切换策略后;可通过第一链路接收终端发送WPS请求消息;根据所述第一热点与第二热点之间的切换策略,将所述WPS请求消息由第一热点对应的第一链路传递到第二热点对应的第二链路,并通过所述第二链路与所述终端建立WPS会话协商过程;其中,所述第一链路为终端与所述第一热点之间建立的链路,所述第二链路为终端与所述第二热点之间建立的链路,如此,本发明实施例从安全等级较低的第一链路自动切换到安全等级较高的第二链路,能够在不影响用户体验的前提下保障WLAN中通信链路的安全性。In the embodiment of the present invention, after the first hotspot, the second hotspot, and the switching policy between the first hotspot and the second hotspot are configured, the WPS request message may be sent by the first link receiving terminal; a switching policy between a hot spot and a second hot spot, the WPS request message is transmitted from a first link corresponding to the first hot spot to a second link corresponding to the second hot spot, and the second link and the second link are The terminal establishes a WPS session negotiation process, where the first link is a link established between the terminal and the first hotspot, and the second link is a chain established between the terminal and the second hotspot. Therefore, the embodiment of the present invention automatically switches from the first link with a lower security level to the second link with a higher security level, and can ensure the security of the communication link in the WLAN without affecting the user experience.
为了更清楚地对本发明实施例进行说明,下面以实施例一及实施例二为例,对本发明实施例中的WLAN中的接入流程进行详细描述:For a more detailed description of the embodiments of the present invention, the access flow in the WLAN in the embodiment of the present invention is described in detail below by using the first embodiment and the second embodiment as an example:
实施例一 Embodiment 1
本实施例一中,预先配置具有不加密属性的第一热点与具有加密属性的第二热点,以及所述第一热点与第二热点之间的切换策略;其中,所述第一热点的网络参数配置为:SSID1为Chinanet、安全类型为Open类型、网络类型为广播类型,所述第二热点的网络参数配置为:SSID2为Chinanet、安全类型为WAP2加密类型、网络类型为不广播类型。In the first embodiment, a first hotspot having an unencrypted attribute and a second hot spot having an encrypted attribute, and a switching policy between the first hotspot and the second hotspot are configured in advance; wherein the first hotspot network The parameter configuration is: SSID1 is Chinanet, the security type is Open, and the network type is broadcast. The network parameters of the second hotspot are: SSID2 is Chinanet, security type is WAP2 encryption type, and network type is non-broadcast type.
终端当前的位置在运营商布置的公共WLAN的网络范围内时,用户开启终端的WiFi功能,通过WiFi功能自动搜索并显示当前WLA网络范围内的可见热点,用户选择并连接到服务集标识为Chinanet的第一热点,与所述第一热点建立Open链路。When the current location of the terminal is within the network range of the public WLAN deployed by the operator, the user turns on the WiFi function of the terminal, and automatically searches for and displays the visible hotspot within the current WLA network through the WiFi function, and the user selects and connects to the service set identifier as Chinanet. The first hot spot establishes an Open link with the first hot spot.
本实施例一的WLAN中的接入流程,如图3所示,具体包括如下步骤:The access process in the WLAN in the first embodiment, as shown in FIG. 3, specifically includes the following steps:
步骤S300:无线AP通过所述Open链路接收终端发送的网络连接请求;Step S300: The wireless AP receives the network connection request sent by the terminal by using the Open link.
步骤S301:接收到终端发送的网络连接请求时,对所述终端的用户身份进行合法性验证;若验证通过,则通过Open链路与所述终端建立WPS会话协商过程,并转入步骤S302;若验证未通过,则断开所述终端与所述第一热点之间的Open链路,并结束处理流程。Step S301: When receiving the network connection request sent by the terminal, verify the validity of the user identity of the terminal; if the verification is successful, establish a WPS session negotiation process with the terminal through the Open link, and proceed to step S302; If the verification fails, the Open link between the terminal and the first hotspot is disconnected, and the processing flow ends.
这里,对所述终端的用户身份进行合法性验证,具体实现过程如下:Here, the validity of the user identity of the terminal is verified, and the specific implementation process is as follows:
将所述网络连接请求重定向到运营商所设置的Web认证服务器进行访问后,终端可以通过Web浏览器进入到Web认证网站,输入WiFi业务的用户名和密码,进行WiFi业务验证;所述Web认证服务器获取到用户输入的用户名和密码后,根据获取的用户名和密码对所述终端的用户身份进行合法性验证,然后,将验证结果通知所述无线AP及终端,指示所述终端发起WPS处理流程。After the network connection request is redirected to the web authentication server set by the operator for access, the terminal can enter the web authentication website through the web browser, input the username and password of the WiFi service, and perform WiFi service verification; the web authentication After obtaining the user name and password entered by the user, the server performs legality verification on the identity of the user of the terminal according to the obtained user name and password, and then notifies the wireless AP and the terminal of the verification result, and instructs the terminal to initiate a WPS process. .
这里,所述终端收到验证通过的消息时,自身发起WPS处理流程;同时,基于已经建立的Open链路向所述无线AP发送WPS请求消息。Here, when the terminal receives the verification pass message, it initiates a WPS process flow; meanwhile, it sends a WPS request message to the wireless AP based on the established Open link.
步骤S302:通过Open链路接收所述终端发送WPS请求消息。 Step S302: Receive, by using an Open link, the terminal to send a WPS request message.
这里,首先通过Open链路与所述终端建立WPS会话协商过程,接收所述终端发送WPS请求消息。Here, the WPS session negotiation process is first established with the terminal through the Open link, and the terminal is sent to send a WPS request message.
步骤S303:根据所述第一热点与第二热点之间的切换策略,将所述WPS请求消息由第一热点对应的Open链路传递到第二热点对应的WAP2加密链路,并通过所述WAP2加密链路与所述终端建立WPS会话协商过程。Step S303: The WPS request message is transmitted from the Open link corresponding to the first hot spot to the WAP2 encrypted link corresponding to the second hot spot according to the switching policy between the first hot spot and the second hot spot, and the The WAP2 encrypted link establishes a WPS session negotiation process with the terminal.
这里,在所述第二链路中与所述终端协商密钥并建立数据连接,能够保障WLAN中通信链路的安全性。Here, in the second link, the key is negotiated with the terminal and a data connection is established, which can ensure the security of the communication link in the WLAN.
本发明实施一的网络连接过程中,终端与连接现有Open热点的操作步骤一致,不需要输入第二热点的密码就可与所述第二热点建立对应的受WPA2保护的加密链路,通过受WPA2保护的加密链路进行数据传输;如此,终端可由最初连接的第一热点对应的Open链路自动切换到第二热点对应的受WPA2保护的加密链路,通过受WPA2保护的加密链路进行数据传输,从而在不影响用户体验的前提下保障WLAN中通信链路的安全性。In the network connection process of the first embodiment of the present invention, the terminal is consistent with the operation step of connecting the existing Open hotspot, and the WPA2-protected encrypted link can be established corresponding to the second hotspot without inputting the password of the second hotspot. The data transmission is performed by the WPA2-protected encrypted link; in this way, the terminal can be automatically switched to the WPA2-protected encrypted link corresponding to the second hotspot by the Open link corresponding to the first hotspot that is initially connected, through the encrypted link protected by WPA2 Data transmission is performed to ensure the security of the communication link in the WLAN without affecting the user experience.
实施例二Embodiment 2
基于上述实施例一中的配置,终端当前的位置在运营商布置的公共WLAN的网络范围内时,用户开启终端的WiFi功能,通过WiFi功能自动搜索并显示当前WLA网络范围内的可见热点,用户选择并连接到服务集标识为Chinanet的第一热点,与所述第一热点建立Open链路。Based on the configuration in the first embodiment, when the current location of the terminal is within the network range of the public WLAN deployed by the operator, the user turns on the WiFi function of the terminal, and automatically searches for and displays the visible hotspot in the current WLA network range through the WiFi function. Selecting and connecting to the first hot spot whose service set identifier is Chinanet, and establishing an Open link with the first hotspot.
实施例二中的WLAN中的接入流程,如图4所示,具体包括如下步骤:The access procedure in the WLAN in the second embodiment, as shown in FIG. 4, specifically includes the following steps:
步骤S400:无线AP通过所述Open链路接收终端发送的网络连接请求;Step S400: The wireless AP receives the network connection request sent by the terminal by using the Open link.
步骤S401:接收到终端发送的网络连接请求时,通过Open链路与所述终端建立WPS会话协商过程。Step S401: When receiving the network connection request sent by the terminal, establish a WPS session negotiation process with the terminal through the Open link.
步骤S402:通过第一链路接收所述终端发送WPS请求消息。Step S402: Receive, by using the first link, the terminal to send a WPS request message.
步骤S403:根据所述第一热点与第二热点之间的切换策略,将所述WPS请求消息由第一热点对应的Open链路传递到第二热点对应的WAP2 加密链路,并通过所述WAP2加密链路与所述终端建立WPS会话协商过程。Step S403: The WPS request message is transmitted from the Open link corresponding to the first hot spot to the WAP2 corresponding to the second hot spot according to the switching policy between the first hot spot and the second hot spot. Encrypting the link and establishing a WPS session negotiation process with the terminal through the WAP2 encrypted link.
为实现上述方法,本发明实施例还提供了两种无线AP,由于无线AP解决问题的原理与方法相似,因此,无线AP的实施过程及实施原理均可以参见前述方法的实施过程及实施原理描述,重复之处不再赘述。In order to implement the foregoing method, the embodiment of the present invention further provides two types of wireless APs. The principle and method for solving the problem by the wireless AP are similar. Therefore, the implementation process and implementation principles of the wireless AP can refer to the implementation process and the implementation principle of the foregoing method. , the repetition will not be repeated.
如图5所示,本发明实施例提供的一种无线AP,包括:第一配置模块500、第二配置模块501;其中,As shown in FIG. 5, a wireless AP according to an embodiment of the present invention includes: a first configuration module 500 and a second configuration module 501;
所述第一配置模块500,配置为配置具有不加密属性的第一热点与具有加密属性的第二热点,所述第一热点的服务集标识SSID与所述第二热点的SSID相同;The first configuration module 500 is configured to configure a first hotspot with an unencrypted attribute and a second hotspot with an encrypted attribute, where the service set identifier SSID of the first hotspot is the same as the SSID of the second hotspot;
其中,所述第一热点的网络参数包括:SSID1、安全类型为不加密类型、网络类型为广播类型,所述第二热点的网络参数为:SSID2、安全类型为加密类型、网络类型为不广播类型,所述SSID1与所述SSID2相同;The network parameters of the first hotspot include: SSID1, the security type is unencrypted, and the network type is broadcast. The network parameters of the second hotspot are: SSID2, the security type is the encryption type, and the network type is not broadcast. Type, the SSID1 is the same as the SSID2;
其中,所述不加密的网络类型为开放Open类型;所述加密的网络类型为WPA2类型;The unencrypted network type is an Open Open type; the encrypted network type is a WPA2 type;
所述第二配置模块501,配置为配置所述第一热点与所述第二热点之间的切换策略,所述切换策略用于将终端与第一热点之间的通信切换为与第二热点之间的通信。The second configuration module 501 is configured to configure a handover policy between the first hotspot and the second hotspot, where the handover policy is used to switch communication between the terminal and the first hotspot to be the second hotspot Communication between.
为了描述的方便,以上所述无线访问节点的各部分以功能分为各种模块或单元分别描述。以上功能单元或模块的划分方式仅为本发明实施例给出的一种优选实现方式,功能单元或模块的划分方式不构成对本发明的限制。For convenience of description, the various parts of the wireless access node described above are separately described by functions into various modules or units. The division of the above functional units or modules is only a preferred implementation manner of the embodiments of the present invention, and the division manner of the functional units or modules does not constitute a limitation of the present invention.
如图6所示,本发明实施例提供的另一种无线AP,包括:第一配置模块500、第二配置模块501、接收模块600、连接管理模块601;其中,As shown in FIG. 6, another wireless AP provided by the embodiment of the present invention includes: a first configuration module 500, a second configuration module 501, a receiving module 600, and a connection management module 601;
所述第一配置模块500,配置为配置具有不加密属性的第一热点与具有加密属性的第二热点,所述第一热点的服务集标识SSID与所述第二热点的 SSID相同;The first configuration module 500 is configured to configure a first hotspot with an unencrypted attribute and a second hotspot with an encrypted attribute, where the service set identifier of the first hot spot identifies the SSID and the second hotspot Same SSID;
所述第二配置模块501,配置为所述第一热点与第二热点之间的切换策略,所述切换策略用于将终端与第一热点之间的通信切换为与第二热点之间的通信;The second configuration module 501 is configured as a switching policy between the first hotspot and the second hotspot, where the switching policy is used to switch communication between the terminal and the first hotspot to be between the second hotspot and the second hotspot. Communication
所述接收模块600,配置为通过第一链路接收终端发送WPS请求消息;The receiving module 600 is configured to send a WPS request message by using the first link receiving terminal;
所述连接管理模块601,配置为根据所述第一热点与第二热点之间的切换策略,将所述WPS请求消息由第一热点对应的第一链路传递到第二热点对应的第二链路,并通过所述第二链路与所述终端建立WPS会话协商过程;其中,所述第一链路为终端与所述第一热点之间建立的链路,所述第二链路为终端与所述第二热点之间建立的链路。The connection management module 601 is configured to: forward the WPS request message from the first link corresponding to the first hot spot to the second corresponding to the second hot spot according to the switching policy between the first hot spot and the second hot spot And establishing, by the second link, a WPS session negotiation process with the terminal, where the first link is a link established between the terminal and the first hotspot, and the second link is A link established between the terminal and the second hotspot.
具体实施中,所述无线AP还包括:In a specific implementation, the wireless AP further includes:
验证模块602,配置为通过所述第一链路接收所述终端发送的网络连接请求时,对所述终端的用户身份进行合法性验证,验证通过后通过第一链路与所述终端建立WPS会话协商过程。The verification module 602 is configured to perform legality verification on the identity of the user of the terminal when the first link receives the network connection request sent by the terminal, and establish a WPS with the terminal through the first link after the verification is passed. Session negotiation process.
为了描述的方便,以上所述无线访问节点的各部分以功能分为各种模块或单元分别描述。以上功能单元或模块的划分方式仅为本发明实施例给出的一种优选实现方式,功能单元或模块的划分方式不构成对本发明的限制。For convenience of description, the various parts of the wireless access node described above are separately described by functions into various modules or units. The division of the above functional units or modules is only a preferred implementation manner of the embodiments of the present invention, and the division manner of the functional units or modules does not constitute a limitation of the present invention.
在实际应用中,所述无线AP可以是具有自动切换链路功能的单纯性无线接入点、无线路由器、无线网关或无线网桥等设备。In practical applications, the wireless AP may be a simple wireless access point with a function of automatically switching links, a wireless router, a wireless gateway, or a wireless bridge.
在实际应用中,所述第一配置模块500、第二配置模块501可由位于所述无线AP的中央处理器(CPU)、微处理器(MPU)、数字信号处理器(DSP)、或现场可编程门阵列(FPGA)实现;所述第一配置模块500、第二配置模块501、接收模块600、连接管理模块601可由位于所述无线访问节点的中央处理器(CPU)、微处理器(MPU)、数字信号处理器(DSP)、或现 场可编程门阵列(FPGA)实现。In a practical application, the first configuration module 500 and the second configuration module 501 may be located by a central processing unit (CPU), a microprocessor (MPU), a digital signal processor (DSP), or a field located in the wireless AP. Programming gate array (FPGA) implementation; the first configuration module 500, the second configuration module 501, the receiving module 600, and the connection management module 601 may be a central processing unit (CPU), a microprocessor (MPU) located at the wireless access node ), digital signal processor (DSP), or current Field Programmable Gate Array (FPGA) implementation.
本发明所述的方法并不限于具体实施方式中所述的实施例,本领域技术人员根据本发明的技术方案得出其它的实施方式,同样属于本发明的技术创新范围。The method described in the present invention is not limited to the embodiments described in the specific embodiments, and other embodiments are obtained by those skilled in the art according to the technical solutions of the present invention, which also belong to the technical innovation scope of the present invention.
显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。It is apparent that those skilled in the art can make various modifications and variations to the invention without departing from the spirit and scope of the invention. Thus, it is intended that the present invention cover the modifications and modifications of the invention
工业实用性Industrial applicability
综合本发明的各实施例,无线访问节点配置具有不加密属性的第一热点,能方便用户接入WLAN;配置具有加密属性的第二热点,又能保障WLAN中通信链路的安全性;并且,通过所述第一热点与所述第二热点之间的切换策略,能够使所述第一热点与第二热点之间建立通信连接。另外,能够将终端从安全等级较低的第一链路自动切换到安全等级较高的第二链路,能够在不影响用户体验的前提下保障WLAN中通信链路的安全性。 According to various embodiments of the present invention, the wireless access node is configured with a first hotspot with no encryption attribute, which can facilitate the user to access the WLAN, and the second hotspot with the encryption attribute can be configured to ensure the security of the communication link in the WLAN; And establishing, by using a switching policy between the first hotspot and the second hotspot, a communication connection between the first hotspot and the second hotspot. In addition, the terminal can be automatically switched from the first link with a lower security level to the second link with a higher security level, and the security of the communication link in the WLAN can be ensured without affecting the user experience.

Claims (10)

  1. 一种无线局域网中的热点配置方法,所述方法包括:A method for configuring a hotspot in a wireless local area network, the method comprising:
    无线访问节点配置具有不加密属性的第一热点与具有加密属性的第二热点,所述第一热点的服务集标识SSID与所述第二热点的SSID相同;The wireless access node configures a first hot spot having an unencrypted attribute and a second hot spot having an encrypted attribute, and the service set identifier SSID of the first hot spot is the same as the SSID of the second hot spot;
    配置所述第一热点与所述第二热点之间的切换策略,所述切换策略用于将终端与第一热点之间的通信切换为与第二热点之间的通信。And configuring a handover policy between the first hotspot and the second hotspot, where the handover policy is used to switch communication between the terminal and the first hotspot to communicate with the second hotspot.
  2. 根据权利要求1所述的方法,其中,所述第一热点的网络参数包括:SSID1、安全类型为不加密类型、网络类型为广播类型;所述第二热点的网络参数包括:SSID2、安全类型为加密类型、网络类型为不广播类型;其中,所述SSID1与SSID2相同。The method according to claim 1, wherein the network parameters of the first hotspot comprise: SSID1, the security type is unencrypted type, the network type is broadcast type; and the network parameters of the second hotspot include: SSID2, security type For the encryption type, the network type is a non-broadcast type; wherein the SSID1 is the same as the SSID2.
  3. 根据权利要求2所述的方法,其中,所述不加密类型为开放Open类型;所述加密类型为无线保真保护访问WPA2类型。The method of claim 2, wherein the unencrypted type is an Open Open type; the encryption type is a Wireless Fidelity Protected Access WPA2 type.
  4. 一种无线局域网中的接入方法,配置具有不加密属性的第一热点与具有加密属性的二热点、以及所述第一热点与第二热点之间的切换策略,所述第一热点的SSID与所述第二热点的SSID相同;所述方法还包括:An access method in a wireless local area network, configured with a first hot spot having an unencrypted attribute and a second hot spot having an encryption attribute, and a switching policy between the first hot spot and the second hot spot, and an SSID of the first hot spot The same as the SSID of the second hotspot; the method further includes:
    无线访问节点通过第一链路接收终端发送的无线保真保护设置WPS请求消息;The wireless access node receives the wireless fidelity protection setting WPS request message sent by the terminal through the first link;
    根据所述第一热点与第二热点之间的切换策略,将所述WPS请求消息由第一热点对应的第一链路传递到第二热点对应的第二链路,并通过所述第二链路与所述终端建立WPS会话协商过程;其中,所述第一链路为终端与所述第一热点之间建立的链路,所述第二链路为终端与所述第二热点之间建立的链路。And transmitting, according to the switching policy between the first hotspot and the second hotspot, the WPS request message by the first link corresponding to the first hot spot to the second link corresponding to the second hot spot, and passing the second The link establishes a WPS session negotiation process with the terminal, where the first link is a link established between the terminal and the first hotspot, and the second link is a terminal and the second hot spot. The link established between.
  5. 根据权利要求4所述的方法,其中,所述通过第一链路接收终端发送WPS请求消息之前,所述方法还包括:The method of claim 4, wherein the method further comprises: before the sending, by the first link receiving terminal, the WPS request message:
    通过所述第一链路接收所述终端发送的网络连接请求; Receiving, by using the first link, a network connection request sent by the terminal;
    对所述终端的用户身份进行合法性验证,验证通过后通过第一链路与所述终端建立WPS会话协商过程。Performing a legality verification on the identity of the user of the terminal, and establishing a WPS session negotiation process with the terminal through the first link after the verification is passed.
  6. 一种无线访问节点AP,所述无线访问节点包括:第一配置模块、第二配置模块;其中,A wireless access node AP, the wireless access node includes: a first configuration module and a second configuration module;
    所述第一配置模块,配置为配置具有不加密属性的第一热点与具有加密属性的第二热点,所述第一热点的SSID与所述第二热点的SSID相同;The first configuration module is configured to configure a first hot spot having an unencrypted attribute and a second hot spot having an encrypted attribute, where an SSID of the first hot spot is the same as an SSID of the second hot spot;
    所述第二配置模块,配置为配置所述第一热点与所述第二热点之间的切换策略,所述切换策略用于将终端与第一热点之间的通信切换为与第二热点之间的通信。The second configuration module is configured to configure a switching policy between the first hotspot and the second hotspot, where the switching policy is used to switch communication between the terminal and the first hotspot to be the second hotspot Communication between.
  7. 根据权利要求6所述的无线AP,其中,所述第一热点的网络参数包括:SSID1、安全类型为不加密类型、网络类型为广播类型;所述第二热点的网络参数包括:SSID2、安全类型为加密类型、网络类型为不广播类型;其中,所述SSID1与SSID2相同。The wireless AP according to claim 6, wherein the network parameters of the first hotspot include: SSID1, the security type is unencrypted, and the network type is broadcast; the network parameters of the second hotspot include: SSID2, security The type is an encryption type, and the network type is a non-broadcast type; wherein the SSID1 is the same as the SSID2.
  8. 根据权利要求7所述的无线AP,其中,所述不加密的网络类型为开放Open类型;所述加密的网络类型为WPA2类型。The wireless AP of claim 7, wherein the unencrypted network type is an Open Open type; and the encrypted network type is a WPA2 type.
  9. 一种无线AP,所述无线访问节点包括:第一配置模块、第二配置模块、接收模块、连接管理模块;其中,a wireless AP, the wireless access node includes: a first configuration module, a second configuration module, a receiving module, and a connection management module;
    所述第一配置模块,配置为配置具有不加密属性的第一热点与具有加密属性的第二热点,所述第一热点的SSID与所述第二热点的SSID相同;The first configuration module is configured to configure a first hot spot having an unencrypted attribute and a second hot spot having an encrypted attribute, where an SSID of the first hot spot is the same as an SSID of the second hot spot;
    所述第二配置模块,配置为配置所述第一热点与所述第二热点之间的切换策略,所述切换策略用于将终端与第一热点之间的通信切换为与第二热点之间的通信;The second configuration module is configured to configure a switching policy between the first hotspot and the second hotspot, where the switching policy is used to switch communication between the terminal and the first hotspot to be the second hotspot Communication between
    所述接收模块,配置为通过第一链路接收终端发送的WPS请求消息;The receiving module is configured to receive, by using the first link, a WPS request message sent by the terminal;
    所述连接管理模块,配置为根据所述第一热点与第二热点之间的切换策略,将所述WPS请求消息由第一热点对应的第一链路传递到第二热点对 应的第二链路,并通过所述第二链路与所述终端建立WPS会话协商过程;其中,所述第一链路为终端与所述第一热点之间建立的链路,所述第二链路为终端与所述第二热点之间建立的链路。The connection management module is configured to: forward the WPS request message from the first link corresponding to the first hot spot to the second hot spot pair according to the switching policy between the first hot spot and the second hot spot a second link, and establishing a WPS session negotiation process with the terminal by using the second link; wherein the first link is a link established between the terminal and the first hotspot, The second link is a link established between the terminal and the second hotspot.
  10. 根据权利要求9所述的无线AP,其中,所述无线AP还包括:The wireless AP of claim 9, wherein the wireless AP further comprises:
    验证模块,配置为通过所述第一链路接收所述终端发送的网络连接请求时,对所述终端的用户身份进行合法性验证,验证通过后通过第一链路与所述终端建立WPS会话协商过程。 The verification module is configured to verify the validity of the user identity of the terminal when the network connection request sent by the terminal is received by using the first link, and establish a WPS session with the terminal through the first link after the verification is passed. Negotiation process.
PCT/CN2015/074785 2014-07-24 2015-03-20 Hotspot configuration method, access method and device in wireless local area network WO2016011824A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US15/328,182 US20180027025A1 (en) 2014-07-24 2015-03-20 Hotspot configuration method, access method and device in wireless local area network
EP15825357.5A EP3174325B1 (en) 2014-07-24 2015-03-20 Hotspot configuration method, access method and device in wireless local area network

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410356304.1A CN104168561B (en) 2014-07-24 2014-07-24 Hot spot configuration method, cut-in method and equipment in a kind of WLAN
CN201410356304.1 2014-07-24

Publications (1)

Publication Number Publication Date
WO2016011824A1 true WO2016011824A1 (en) 2016-01-28

Family

ID=51912153

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/074785 WO2016011824A1 (en) 2014-07-24 2015-03-20 Hotspot configuration method, access method and device in wireless local area network

Country Status (4)

Country Link
US (1) US20180027025A1 (en)
EP (1) EP3174325B1 (en)
CN (2) CN105828326B (en)
WO (1) WO2016011824A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11032708B2 (en) 2018-09-26 2021-06-08 International Business Machines Corporation Securing public WLAN hotspot network access
CN114222274A (en) * 2020-09-16 2022-03-22 华为技术有限公司 Communication method and electronic equipment

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105828326B (en) * 2014-07-24 2021-01-01 中兴通讯股份有限公司 Access method of wireless local area network and wireless access node
WO2017079923A1 (en) 2015-11-11 2017-05-18 华为技术有限公司 Network switching method and apparatus
CN106231686A (en) * 2016-07-28 2016-12-14 上海斐讯数据通信技术有限公司 Prevent rubbing net device, system and the method for connection route device
CN106060818A (en) * 2016-07-28 2016-10-26 上海斐讯数据通信技术有限公司 Method for connecting router and router
US11418959B2 (en) 2016-12-30 2022-08-16 British Telecommunications Public Limited Company Automatic pairing of devices to wireless networks
CN108702625B (en) * 2017-02-27 2020-08-25 华为技术有限公司 Method, device and terminal for establishing wireless local area network connection
CN107302785B (en) * 2017-07-04 2019-12-06 中国联合网络通信集团有限公司 Access method, intelligent device, gateway and access system
FR3077458B1 (en) * 2018-01-31 2020-01-17 Sagemcom Broadband Sas METHOD FOR AGGREGATION OF A PLURALITY OF RADIO CONNECTIONS IN A WIRELESS NETWORK
EP3683637B1 (en) * 2019-01-16 2023-03-22 Siemens Aktiengesellschaft Method for producing a bidirectional connection between a device, in particular a field device, and an application in a central device
CN111010693B (en) * 2019-11-25 2023-10-03 华为技术有限公司 Method for providing wireless fidelity network access service and electronic equipment
JP7443881B2 (en) * 2020-03-27 2024-03-06 セイコーエプソン株式会社 Electronic equipment, communication systems and communication methods

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101489222A (en) * 2009-02-25 2009-07-22 杭州华三通信技术有限公司 Method for simultaneously providing clear text and ciphering service by the same hot spot and wireless access apparatus
CN101626609A (en) * 2008-07-10 2010-01-13 株式会社理光 Communication apparatus
CN103458408A (en) * 2013-08-19 2013-12-18 小米科技有限责任公司 Network connection method and network sharing method and device
CN104168561A (en) * 2014-07-24 2014-11-26 中兴通讯股份有限公司 Hot-spot configuration method and accessing method and device in wireless local-area network

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8064948B2 (en) * 2006-01-09 2011-11-22 Cisco Technology, Inc. Seamless roaming for dual-mode WiMax/WiFi stations
CN105141588A (en) * 2006-10-31 2015-12-09 意大利电信股份公司 Management of seamless handover between different communication systems in IP (Internet Protocol) dual-mode terminal
JP5396863B2 (en) * 2009-01-07 2014-01-22 ヤマハ株式会社 Wireless network system
CN101534531B (en) * 2009-04-02 2011-07-13 中兴通讯股份有限公司 A network switching method and system
US8750265B2 (en) * 2009-07-20 2014-06-10 Wefi, Inc. System and method of automatically connecting a mobile communication device to a network using a communications resource database
CN102014381B (en) * 2009-09-08 2012-12-12 华为技术有限公司 Encryption algorithm consultation method, network element and mobile station
KR101626465B1 (en) * 2009-10-26 2016-06-01 삼성전자주식회사 Apparatus and method for connecting the access point in portable communication system
ES2750031T3 (en) * 2010-09-16 2020-03-24 Nokia Technologies Oy Dynamic account creation with zone network with secured wireless coverage
US9565558B2 (en) * 2011-10-21 2017-02-07 At&T Intellectual Property I, L.P. Securing communications of a wireless access point and a mobile device
CN103200618B (en) * 2012-01-05 2020-03-10 中兴通讯股份有限公司 Wireless local area network WLAN hotspot function control processing method and device
US9161219B2 (en) * 2012-06-22 2015-10-13 Guest Tek Interactive Entertainment Ltd. Authorizing secured wireless access at hotspot having open wireless network and secure wireless network
CN103686899A (en) * 2012-09-25 2014-03-26 东莞宇龙通信科技有限公司 A switching method between a mobile data service network and a wifi network and a mobile terminal thereof
CN102984773B (en) * 2012-11-23 2015-09-16 富春通信股份有限公司 WLAN changing method under LTE-WLAN interworking between network and device
CN103491648B (en) * 2013-09-18 2018-04-10 宇龙计算机通信科技(深圳)有限公司 Communication means and system based on WIFI
CN105100955A (en) * 2014-05-16 2015-11-25 中兴通讯股份有限公司 Set top box switching network method and device, and set top box provided with device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101626609A (en) * 2008-07-10 2010-01-13 株式会社理光 Communication apparatus
CN101489222A (en) * 2009-02-25 2009-07-22 杭州华三通信技术有限公司 Method for simultaneously providing clear text and ciphering service by the same hot spot and wireless access apparatus
CN103458408A (en) * 2013-08-19 2013-12-18 小米科技有限责任公司 Network connection method and network sharing method and device
CN104168561A (en) * 2014-07-24 2014-11-26 中兴通讯股份有限公司 Hot-spot configuration method and accessing method and device in wireless local-area network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3174325A4 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11032708B2 (en) 2018-09-26 2021-06-08 International Business Machines Corporation Securing public WLAN hotspot network access
CN114222274A (en) * 2020-09-16 2022-03-22 华为技术有限公司 Communication method and electronic equipment
CN114222274B (en) * 2020-09-16 2022-12-13 华为技术有限公司 Communication method and electronic equipment

Also Published As

Publication number Publication date
US20180027025A1 (en) 2018-01-25
CN105828326B (en) 2021-01-01
EP3174325A4 (en) 2017-07-05
CN104168561B (en) 2018-08-28
EP3174325B1 (en) 2018-09-12
CN104168561A (en) 2014-11-26
EP3174325A1 (en) 2017-05-31
CN105828326A (en) 2016-08-03

Similar Documents

Publication Publication Date Title
WO2016011824A1 (en) Hotspot configuration method, access method and device in wireless local area network
JP6715867B2 (en) Unified authentication for integrated small cell and WIFI networks
CN111052781B (en) Method and apparatus for negotiating security and integrity algorithms
US10015142B2 (en) Mobile hotspot managed by access controller
EP2900006B1 (en) Method and system for securely accessing portable hotspot of smart phones
CN107005534B (en) Method and device for establishing secure connection
US8037305B2 (en) Securing multiple links and paths in a wireless mesh network including rapid roaming
EP2939391B1 (en) Method and system for secure network access
US8982862B2 (en) Mobile gateway for fixed mobile convergence of data service over an enterprise WLAN
JP2008537644A (en) Method and system for fast roaming of mobile units in a wireless network
US10959091B2 (en) Network handover protection method, related device, and system
US20200359349A1 (en) Establishing simultaneous mesh node connections
CN108293183B (en) Handover between E-UTRAN and WLAN
JP7470671B2 (en) NON-3GPP DEVICE ACCESS TO CORE NETWORK - Patent application
JP2007538470A (en) Method for managing access to a virtual private network of a portable device without a VPN client
CN101765057A (en) Method, equipment and system for providing multicast service to WiFi access terminal
Liu et al. Security analysis of mobile device-to-device network applications
WO2011127774A1 (en) Method and apparatus for controlling mode for user terminal to access internet
US20200396613A1 (en) Securing transmission paths in a mesh network
US20110002272A1 (en) Communication apparatus and communication method
KR20190000781A (en) Method for transmitting data of terminal, the terminal and control method of data transmission
CN105208557B (en) A kind of safety establishes the method and wireless router of WIFI connection
WO2012026932A1 (en) Method and apparatus for over-the-air configuration of a wireless device
von Sperling et al. Evaluation of an IoT device designed for transparent traffic analysis
Stiti et al. Creation of Virtual Wi-Fi Access Point and Secured Wi-Fi Pairing, through NFC

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15825357

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

REEP Request for entry into the european phase

Ref document number: 2015825357

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2015825357

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 15328182

Country of ref document: US